CVE-2017-17158

2018-05-2414:00:00

huawei

www.cve.org

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

30.6%

JSON

Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user’s smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure.

CNA Affected

[
  {
    "product": "Berlin-L21HN; Prague-AL00A; Prague-AL00B; Prague-AL00C; Prague-L31; Prague-TL00A; Prague-TL10A",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "The versions before Berlin-L21HNC185B381"
      },
      {
        "status": "affected",
        "version": "The versions before Prague-AL00AC00B223"
      },
      {
        "status": "affected",
        "version": "The versions before Prague-AL00BC00B223"
      },
      {
        "status": "affected",
        "version": "The versions before Prague-AL00CC00B223"
      },
      {
        "status": "affected",
        "version": "The versions before Prague-L31C432B208"
      },
      {
        "status": "affected",
        "version": "The versions before Prague-TL00AC01B223"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-en